Forbes called 2015, the Year of the Mobile Beacon. AdWeek talks about how beacons are already influencing the way we network, get drunk, vacation, shop, and even how we buy sausage. Ten experts at Marketing Land predicted that this year the whole world of mobile marketing will become acutely location-aware. Plus, if Google, Apple, and Facebook are betting on it, shouldn’t you? We’ll dive in and learn how beacons interact with APIs, how the different beacon protocols work, and what makes for a quality beacon experience. But First:

What are Mobile Beacons?

Beacons are small, often inconspicuous pieces of hardware that allow indoor communication and enable customized mobile marketing, all via low-energy Bluetooth or BLE.

So, are beacons a part of the Internet of Things? Some people have argued no, but I think it’s apparent that beacons are IoT because, literally speaking, they are things that connect to the star of it all—the smartphone—with the end objective of an improved experience. That’s the essence and value of IoT, right?

User Experience Plus User Interaction

“We don’t work with the beacon directly. It’s very passively there but it’s giving us a very active experience,” Dana said. “It’s a proximity center, worked over BLE, with push notification, but we’re not actually directly interacting with the beacon, the beacon is interacting with our mobile device. Some app is driving that user experience. The beacon is the context for that. The beacon is there to gain more insight into what we’re doing.” This is an apparent trend throughout the Internet of Things—machines talking to machines and acting upon that interaction, humans aside.

Blouin gives the example that, if you are in the shaving aisle, you could receive a push notification for 20 percent off Gillette razors if you buy This Item in Aisle Y. “You’re collecting data from X to give to Y.” Talking about how brands can collaborate, he says it’s all about using a beacon to understand “what each other is getting and you want the other to know.”

But, if we look at beacons as a part of the Internet of Things, it can be easy to look at it as another security and privacy complication in the already complicated seven-layer stack. It’s important to look at it as another opportunity for testing and quality assurance.

In the case of MOCA, we have things like ‘Oh, I’m next to a beacon, that means I’m in this place.’ If you’re in this place that means the application knows that you’re in this store and this store has offers and discounts for beverages. It asks the server, ‘What are the discounts?’ The server responds back: ‘Coca-Cola is ten percent off’.”

Guillen went on to describe the process of how the two application programming interfaces or APIs interact. The SDK searches for any beacons in the area. The beacon notifies the smartphone, then the mobile API sends information about where you are along with analytics for future machine learning, and, in return, it asks if there is information to share. The end user then receives a push notification.

On the other side of the cloud layer, the console API is found on the MOCA Platform website. The store owner is able to ask questions like:

How many users have been in the store today?

How many people with this profile have been here?

“Imagine that you’re the store owner, every time a user interacts with a beacon, this user is here,” Guillen said. This locational information combines with other data to uncover behavioral patterns that can be turned into highly segmented marketing campaigns.

Assuring Beacon-Based APIs are Efficient in the Face of Stress and Limited Power

Guillen says that “You have to be efficient enough that you are able to have millions of phones sending data at the same time. You cannot be stuck processing that data. You have to have a process that’s crunching data at its own pace. You are storing all the information, [and] you have to have all the preferences because the users have to have all that information right from the start to prioritize to some tasks and others.”

He recommends using a stress simulator to generate a lot of fake users accessing the server at the same time, to see how far you go and to understand your limits. When you hit that limit, ask “Is that good enough? What happens if we add more servers, does it scale correctly? Maybe we have to think of another way to process that information perhaps horizontally.” He says that it is always their target to have things as horizontally scalable as possible—one million users for one server, two million users for two servers, and so on.

MOCA had this when they provided the official app and beacons to more than 43,000 users at the 2015 Mobile World Congress. Gonzalez describes something that happened there: “You see four beacons. We send the information to our back-end to create a heat map—our server did crash but we had backups, so the architecture worked because they maintained the service.”

But you not only have to make sure that your server doesn’t crash, you have to make sure you aren’t draining the phones either.

Your Software Impacts the Battery Life of Every Device It Runs On

The clients who have applications on users’ phones need to make sure that the app doesn’t use up too much energy, as the end users will simply uninstall the app that’s draining all their battery. “It is very important that, when in range of beacons, we should perform efficient scannings, otherwise we will kill device the battery. iOS performs this scanning without our intervention, but in Android we have the control over the scanning frequencies,” Gonzalez said.

Guillen recommends to have it pull once every 30 seconds or minute, or based on some specific data that arises during testing, and then tweaking once it’s out in the wild.

He also suggests other ways that you can achieve the same level of data while preserving battery life. “Besides GPS, the mobile has other mechanisms to give you information about your location. Just by having the phone on, it can triangulate using the communication towers [for an] approximate position.” You can also set frequency of information pulls based on short-term movement patterns. “Because you’re moving very fast, I’ll ask more frequently, but, if you are staying in one place,” he’ll instead ask infrequently over longer intervals.

The MOCA Platform includes a heat map to help determine the best times to pull based on movement. Guillen says that “for privacy and battery you [sometimes] can’t follow an entire place—in an airplane, it moves fast, but if you’re in a cafe for an hour, you can just send the data once.”

Also, after the first pull to see if there are any messages to send back, a good way to save precious battery is that the mobile phone can store the info and then it’ll group it into a package, only sending once more, perhaps when the phone is charging at home on WiFi.

This all makes it essential that you are testing any beacon-related program on multiple devices over multiple periods of time, preferably at multiple locations.

How Can You Assure Beacons are Efficient?

Like with everything IoT, it’s important not only to test the viability and efficiency of your apps and APIs, but also the viability and efficiency of those “things.” In this case, beacons can be quite finicky and imprecise things with the radio frequency being easily interrupted.

“In the SDK for this particular problem is reliability, determining whether you are close to the beacon or not. The signals have a lot of characteristics but are not stable. We have found a way to try to stabilize the signal so we can have reliable measurements from the beacon,” Gonzalez said.

Not only do you need to test on different devices, but with different obstacles and obstructions that could make things worse.

“There’s the reliability of the beacon itself because these things are quite sensitive,” Guillen said fiddling with a beacon. “If you have walls in the middle, maybe the reach is shorter than you want. If you want to have a radius of 30 meters, how much power do you have to give it?” He recommends to ask multiple beacons to triangulate a more accurate position to get an average of distances.

You also need to test the reliability of the geolocation data, creating a balance between battery preservation, movement and precision.

“If you use multiple beacons to calculate location, you can be more precise about which part of your store your user is at, such as aisles, queues or sections if they are small. Also, you can’t be asking for the user’s position every five seconds, or you end up draining half of the phone’s battery. The reliability of measuring the distance of the beacon, determining if you are in some of the regions—I think this has been one of the most challenging parts of the SDKs because it’s a hand-off between reliability and efficiency.”

For this he says that the first thing developers using the MOCA Platform will test is the reliability of the SDK detecting beacons. You can read more about mobile testing strategies here.

How Can You Assure Security and Privacy With the Openness of Beacons?

The list of the IDs of beacons and approximation of distance are tied to the beacon protocols, but, so far, the majority of beacons are with fully open RF, which means multiple parties could be drawing information from the same beacon.

“Security is very important because you don’t want your account or your privacy compromised, so you have to be able to give access to your app to all of your users, but the client has to be the only one able to retrieve analytics from his application,” Guillen said.

This is where he says OAuth comes in. “You will need it because the information that the mobile retrieves has to be linked to a user in order to be useful. If anyone was able to hack information and send false data about beacons—maybe say that you were in this place and you weren’t there—your profile is getting manipulated by someone else. And that’s going to affect the client because he won’t be able to get good analytics because the data is compromised,” he continued.

Gonzalez jumped in to explain: “You can send a new profile with wrong data, but you cannot corrupt someone else’s profile as its information is securely managed within the phone and in its way to our servers.” He says this is why the user has to use OAuth to log into the app so that his information is just his and not mixed with anyone else. Also, on the client side, they have to be authenticated as well, because they don’t want their information to be leaked out to competitors to breach users and sell their product first.”

OAuth and a secure platform to build on is the best way to assure security, privacy and accuracy of information that comes in via beacons.

Is iBeacon the Prevailing Protocol?

Apple was the first big name to bring beacon to mainstream news with its iBeacon protocol back in 2013. “And after that, a lot of people adopted this protocol because it had a lot of traction,” Gonzalez said.

Director of API architecture at the API blog Mike Amundsen says that the iBeacon real estate is in itself a pretty closed system, admitting that “One way to build a platform is to actually dominate the space so no one can get in.” But he pointed out that this is limiting, saying that, across the Internet of Things, “Someone has to start thinking about the protocols or the formats, independent of some sort of the product or brand.”

Amundsen says that “The challenge is the protocol is really good,” but asks if one protocol can really do it all.

Perhaps that’s why a year after iBeacon, Radius Networks released another standard called theAltBeacon protocol, which is quite similar to the iBeacon but created for the open source community with the goal of greater interoperability. Gonzalez says that AltBeacon “will still work with iOS but maybe in a different way than iBeacon.”

The iBeacon and AltBeacon protocols are just about identifying the beacon itself and its location, but not what the beacon does.

At the start of this year, Google came out with theuriBeacon protocol which is related to URLs.

“Instead of just saying who you are we and where you are, now you can have a beacon directly linked with information to a website. You won’t need anything else, read this info from the beacon directly,” Gonzalez said.

“The great thing about this solution [uriBeacon] is it’s open, it’s pragmatic, and it’s quite straightforward for a lot of people, but what you lose with this solution is you don’t have a lot of flexibility to configure with a console because—imagine you had one thousand beacons in a mall, you would have to go there and program each individual beacon, and the maintenance would be quite high. Other solutions, like the one we’re working on, you don’t have to even go there.”

What Should QA Keep in Mind When Testing Beacons?

When it comes down to it, some of the things you will test for will be common-sense practices for all quality assurance, while others are tips just for the beacon-based world. Here is a checklist for what to test for the best beacon proximity experience—for your customers and for their end users:

As always, keep developer experience as the priority when testing the API console.

Assure back-end synchronization. Make sure that everything that you’ve saved in the console is going to your mobile users without any problem.

Check, can it handle the stress?

Battery consumption is an essential factor.

Find the right beacon protocol that works for your needs.

The SDK must prioritize security and privacy, always remembering that the code is actually running on on the mobile devices.

A great proximity experience is about a great user experience. The pleasure comes in the details.

Have you worked with beacons and beacon protocols? Tell us about your experience below!